Re: F21 System Wide Change: Default Local DNS Resolver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2014-04-29 17:15 GMT+02:00 Alexander Larsson <alexl@xxxxxxxxxx>:
On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote:
> = Proposed System Wide Change:  Default Local DNS Resolver =
> https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver

> To install a local DNS resolver trusted for the DNSSEC validation running on
> 127.0.0.1:53. This must be the only name server entry in /etc/resolv.conf.

This is gonna conflict a bit with docker, and other  users of network
namespaces, like systemd-nspawn. When docker runs, it picks up the
current /etc/resolv.conf and puts it in the container, but the container
itself runs in a network namespace, so it gets its own loopback device.
This will mean 127.0.0.1:53 points to the container itself, not the
host, so dns resolving in the container will not work.

Good point; would it be fair to treat this as a blocker?

(This also assumes that the docker containers will use the same security policy as the host; i.e. that they will be administered by the same entity, no "docker hosting" businesses.)
    Mirek
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux